humanize
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has a potential surface for indirect prompt injection as it ingests untrusted text from manuscripts and subsequently uses write/edit capabilities to modify files. Malicious instructions embedded in a manuscript could theoretically influence the agent's behavior.
  - Ingestion points: Manuscripts read via the `Read` tool in Phase 1 (SKILL.md).
  - Boundary markers: Absent; there are no instructions to the agent to treat manuscript content as untrusted or to ignore embedded instructions.
  - Capability inventory: The agent uses `Read`, `Write`, `Edit`, `Grep`, and `Glob` tools to manage manuscript files.
  - Sanitization: No sanitization or escaping of the input manuscript content is mentioned before it is processed for rewriting.
- [SAFE]: No evidence of data exfiltration, credential harvesting, or unauthorized network communication was found. The skill operates entirely within the local file system using tools consistent with its stated purpose.
- [SAFE]: The skill references a specific configuration path (`~/.claude/rules/journal-ai-image-policies.md`) to check for journal compliance. This is a functional requirement for the medical research context and does not target sensitive user data like SSH keys or environment secrets.
Audit Metadata